Use two-factor authentication for your Twitter account

Bad things can happen if your Twitter account gets hacked. At best, it annoys and confuses your followers; at worst, your account gets used to spread spam and malware. Ugh. Although nothing can completely stop hack attacks, using two-factor authentication can help.

Two-factor authentication--or as Twitter calls it, "login verification"--adds an additional layer of security when you try to log in to your account. In addition to entering your username and password, you also need to enter a single-use security code, which is usually sent to you via a text message or through the official Twitter smartphone app. This can prevent someone from accessing your account even if they get ahold of your username and password.

Twitter has a couple methods of supplying you a security code, and the method for setting it up is slightly different depending on which method you choose.

Getting verification codes via text message

To get your login verification codes in text messages, start by visiting Twitter.com and log in with your username and password. Next, click the gear icon in the upper right corner, and choose Settings from the menu that appears. On the next page, select Security and Privacy from the list on the left-hand side, then look for the Login Verification section under the Security heading.

At this point, select the button labelled Send login verification requests to my phone. Twitter will sent you a test text to make sure your phone can receive messages and ask you to make sure you got it. Once you do, Twitter will ask you for your password: Enter it when prompted and press Save Changes.

If the button is grayed out: You will have to add a phone number to your Twitter account: If that's the case, select Mobile from the list along the left-hand side of the window. Choose your country or region from the list, enter your cellphone number in the Phone number box, then press Activate phone.

Twitter will then ask you to send a text from your phone to activate it: Once you do--and once Twitter receives it--you'll get various options for receiving text message updates. You can adjust these now or come back to them later, but once you do, go back to the Security and Privacy section and set up login verification as described above.

Once you're set up, you'll get a text message that contains a six-digit verification code whenever you try to log into your account. Enter it when prompted, then press Submit. You will not have to log back into any Twitter client apps that are already associated with your account, but if you install a new Twitter client app on any of your devices, things get a little complicated.

If you want to log in using a Twitter client after turning on login verification, you will need to log in using a temporary password. To do so, go to the settings page on Twitter.com, select Password from the list on the left-hand side, then look for the Generate button in the upper right corner. Twitter will ask you to enter your regular password: Do as instructed, then press the Generate button, and Twitter will give you a temporary password you can use to log in using the app of your choice.

The temporary password does not replace your regular password: It's only to log into apps that don't directly support Twitter's login verification system, and it expires in one hour.

Getting verification codes through Twitter's mobile app

To use this option, you need to first install Twitter's official smartphone app for Android and iOS; you can get it from the Google Play store and the App Store, respectively. Open the app and sign in if asked, then tap the Me button in the black toolbar to get to your profile.

Next, click the gear icon on your profile page, then tap Settings. Tap Security on the settings screen, then toggle the slider labelled Login verification. You'll be asked to confirm that you want to use this phone to receive verification codes; if you do, tap the Confirm button. At this point, Twitter till switch on login verification for your phone, and you'll need to have your phone with you to log into Twitter.

Once you set up your account to receive verification codes through the Twitter app, you'll want to make note of your backup code, which you can use to get into your account as a last resort. Go back to the Security pane in the app, tap Backup Code, and write down the alphanumeric code that appears. Keep this in a safe place!

Cyber resilience will be particularly important as Australian organisations face increased pressure to quickly detect, respond to, and manage the repercussions of breaches in the wake of 2018’s Notifiable Data Breaches (NDB) scheme.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.